Just a curious question around Exchange 2016 / AD account lockouts. I have a user who has a couple of mobile devices (two iPad's, a Surface tablet and an iPhone). On each client, he runs a couple different email clients which connect to his Exchange 2016 mailbox, including the native Mail app, Outlook for iOS and Spark (I know, but it's a case that hes trying to find the client that works best for him. On top of that, he is the owner of the business). Since changing his password, his account keeps locking out. Apparently he's update the password on every device and in every app, but still it keeps locking out.
Looking at the AD event logs, I can see that it is being locked via calls to the Exchange server. What I was wondering is if there was a way to identify the actual device or app that might be causing the account to lockout. From what I can tell, the AD logging level shows the calls from Exchange, but not much else. If I use Get-ActiveSyncDeviceStatistics, it shows that the devices all had a successful sync. But I'm guessing that would not show issues if an app had the incorrect password?